You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
If the suffix on which you want to configure attribute encryption contains any entries whatsoever, you must first export the contents of that suffix to an LDIF file.
If the suffix contains encrypted attributes and you plan to re-initialize the suffix using the exported LDIF file, you can leave the attributes encrypted in the exported LDIF.
To enable encryption for an attribute, use this command:
$ dsconf create-encrypted-attr -h host -p port suffix-DN attr-name cipher-name
where cipher-name is one of the following:
des - DES block cipher
des3 - Triple-DES block cipher
rc2 - RC2 block cipher
rc4 - RC4 stream cipher
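For example, the following command encrypts the uid attribute in dc=example,dc=com with the rc4 cipher:
$ dsconf create-encrypted-attr -h host1 -p 1389 dc=example,dc=com uid rc4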
To return an encrypted attribute to its original state, use this command:
$ dsconf delete-encrypted-attr -h host -p port suffix-DN attr-name
If you have changed the configuration to encrypt one or more attributes, and these attributes had values before the import operation, clear the database cache and remove the log.
Once the cache and log have been cleared, unencrypted values are no longer visible in the database cache and database log.
If you delete these files, you will lose some tracking information. In addition, after you delete these files, the server will be in recovery mode, and might take a long time to restart.
To clear the database cache and remove the log:
1. Stop Directory Server as described in Starting, Stopping, and Restarting a Directory Server Instance.
2. As root or a user with administrator privileges, delete the database cache files from your file system.
   # rm instance-path/db/__db.*
3. Delete the database log file from your file system.
   # rm instance-path/db/log.0000000001
4. Restart Directory Server.
The server will automatically create new database cache files. Performance of operations in this suffix might be slightly impacted until the cache is filled again.
Initialize the suffix with an LDIF file as described in Initializing a Suffix.
As the file is loaded and the corresponding indexes are created, all values of the specified attributes will be encrypted.
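A check for the cache and log cleanup described above, as an added example that is not part of the original documentation: it searches the files under instance-path/db for a value known to have been stored before encryption was enabled and labels each hit by file type. The function name, the canary value and the assumption that the value sits on disk as literal bytes are this example's own; a hit shows residue, but no hit is not proof that none exists.

```shell
#!/bin/sh
# Added example, not from the product documentation.
# Assumptions: the directory passed in is instance-path/db, and the canary is
# a value that was stored in the attribute before encryption was enabled and
# is held on disk as literal bytes.

# Print "<kind> <path>" for every file under db_dir whose raw bytes contain
# the canary. kind is "cache" for __db.* files, "txlog" for log.* files and
# "data" for anything else.
# Returns 0 if residue was found, 1 if none was found, 2 on bad arguments.
scan_db_residue() {
    db_dir=$1
    canary=$2
    [ -d "$db_dir" ] && [ -n "$canary" ] || return 2

    # -a: read binary database files as text, -F: literal string, -l: names only
    hits=$(find "$db_dir" -type f -exec grep -alF -- "$canary" {} + 2>/dev/null | sort)
    [ -n "$hits" ] || return 1

    printf '%s\n' "$hits" | while IFS= read -r f; do
        case ${f##*/} in
            __db.*) echo "cache $f" ;;
            log.*)  echo "txlog $f" ;;
            *)      echo "data $f" ;;
        esac
    done
    return 0
}

# Stand-alone use: sh check_residue.sh instance-path/db 'canary-value'
if [ "$#" -eq 2 ]; then
    scan_db_residue "$1" "$2"
    rc=$?
    case $rc in
        0) echo "cleartext residue found" >&2; exit 3 ;;
        1) echo "no literal match for the canary under $1" >&2 ;;
        *) echo "usage: $0 db-dir canary-value" >&2; exit 2 ;;
    esac
fi
```

Hits labelled cache or txlog point to the cache and log cleanup not having been done; a hit labelled data points to a suffix that was not re-initialized after the attribute was configured for encryption.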